
CN101329658B - Encryption and decryption method, and PLC system using the same - Google Patents


Publication number: CN101329658B
Authority: CN (China)
Prior art keywords: key, memory, access, user, plc
Legal status: Active (the listed status is an assumption and is not a legal conclusion)
Application number: CN 200710111294
Other languages: Chinese (zh)
Other versions: CN101329658A (en)
Inventors: 唐文, 胡建钧
Current Assignee: Siemens Ltd China (the listed assignees may be inaccurate)
Original Assignee: Siemens Ltd China
Application filed by Siemens Ltd China
Priority to CN 200710111294 (CN101329658B)
Priority to EP08104358A (EP2006792A3)
Publication of CN101329658A
Application granted
Publication of CN101329658B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention relates to the field of industrial computer software security, and in particular to a method for encrypting and decrypting information in a memory and a PLC system applying the method. The encryption method comprises the following steps: storing an algorithm F() in the system; mapping the unique identifier of the memory to a key K; encrypting the information stored in the memory with the key K using a symmetric encryption algorithm; predefining an access policy based on user identity to control the user's access to the information stored in the memory; and encrypting the access policy with the key K using the symmetric encryption algorithm and storing it in the memory. During decryption, the information stored in the memory is decrypted with the key K using the symmetric encryption algorithm, and the access policy is decrypted with the key K using the symmetric encryption algorithm. The user's access to the information stored in the memory is then controlled based on the user identity. The method and system have the advantage of enhancing the security of software code.

Description

Encryption and decryption method and PLC system applying same
Technical Field
The invention relates to the field of software security, in particular to an encryption and decryption method and a PLC system applying the method.
Background
Programmable Logic Controllers (PLCs) or programmable controllers are widely used in plant automation, such as for controlling assembly lines of a plant. Existing PLCs typically operate and control using program/control parameters, such as ladder logic, state transition diagrams, etc. (which are program code in industrial control). However, the existing PLC does not provide a good access control mechanism, such as encrypting software to prevent the control program from being leaked, and especially some existing control programs are stored in a hot-pluggable storage medium, such as a multimedia card (MMC card), a secure digital memory card (SD card), etc., so the control program is easily leaked, and a manufacturer producing the control program may be damaged.
Without proper access control, anyone (including a malicious user, an industrial spy, etc.) may directly operate the PLC or may access the control program stored in the PLC through a network to perform any operations such as reading/writing/execution of the PLC control program. Now, the control program is very important in the application of enterprise automation production and process control, and has become the key of the availability, efficiency, performance, productivity, production safety and confidentiality of the automation system, so the control program has become an important software asset in the automation system. Without corresponding protection measures or with only weak protection measures, the PLC may cause the security of the automation system to be threatened, the enterprise property to be damaged, and the market share to be lost.
US patent US 20040260954 A1, "Biometrics PLC access control system and method," teaches a control subsystem of an automation system for accessing a PLC. The system includes a PLC-based server that receives a unique biometric identifier code of the accessor (e.g., a fingerprint) and verifies that code to determine whether to allow the accessor access to the PLC. However, this solution only allows or denies the user access to the PLC; it does not encrypt the source code of the control program, and it cannot further subdivide which type of PLC the user can access and which type of control program cannot be accessed.
At present, the PLC300 produced by Siemens uses an MMC card to store the control program. The MMC card uses a special format that prevents recognition by a general MMC card reader, so only a Siemens PLC or a special card reader produced by Siemens (generally used by programmers for designing control programs) can obtain the contents stored in the MMC card.
Neither of the above two methods implements access control by encrypting the PLC software.
In the prior art, there are many methods for encrypting data stored inside a computer. For example, Chinese patent application No. 02152606.0 discloses a method and an apparatus for encrypting and decrypting data; the scheme combines a plurality of pre-established encryption algorithm modules and selects a combination of encryption algorithm modules to encrypt the data, in cooperation with a dynamic region selection mechanism corresponding to data attributes. The method requires a large amount of computation and is suited to computers with strong computing capacity.
For the industrial automation field, a Programmable Logic Controller (PLC) or a programmable controller is different from an existing computer to a certain extent because most of controllers used in the industrial field have limited processing capability and cannot perform very complicated operations like a computer, and therefore most of data processing methods applied to the computer cannot be operated in industrial control; in addition, the system design structure of the industrial controller is different from that of a computer, for example, some memories in the industrial controller are not accessible to a user and can only be accessed by an operating system of the industrial controller, so that many data processing methods applied to the computer at present are not suitable for running on the industrial controller.
Disclosure of Invention
In order to solve the above problems, the present invention provides an encryption method, which can better protect software source codes, especially PLC control program source codes.
The invention also provides a decryption method, which maps the unique identifier of the memory into a key K and decrypts the information in the memory by using the key.
The invention also provides a PLC system applying the encryption or decryption method, which realizes better key security through the mapping module and the access control module, and distinguishes the access authority of the user, thereby achieving better security of the software source code.
An encryption method comprises the following steps: storing an algorithm F () in a system where the memory is located, mapping a unique identifier of the memory into a key K by using the algorithm, and encrypting information stored in the memory by using the key K through a symmetric encryption algorithm; wherein,
the algorithm F () is: predefining an m x n key factor matrix stored in the system, wherein each element in the key factor matrix is a randomly generated positive integer, and m and n are positive integers greater than 1; and operating the unique identifier, selecting a plurality of key factors from a key factor matrix according to the operation result, generating a key K according to the key factors, and encrypting the information in the memory by using the key.
According to a further aspect of the encryption method of the present invention, said performing a hash operation on the unique identifier means performing a repeated hash operation on the unique identifier and mapping the hash operation result to different elements in the key factor matrix.
According to another further aspect of the encryption method of the present invention, the system comprises a PLC system.
According to another further aspect of the encryption method of the present invention, the key factor matrix is stored in an illegal read-write prevention chip, or is encrypted by using PLC hardware parameters and stored in a fixed memory in the PLC system, such as a ROM or an EPROM native to the system.
According to another further aspect of the encryption method of the present invention, the information in the memory includes a control program of the PLC.
According to another further aspect of the encryption method of the present invention, an access policy is defined in advance according to the identity of the user to control the access of the user to the PLC control program, the access policy is encrypted using the key K, and the access policy is stored in the memory.
According to another further aspect of the inventive encryption method, the control program is encrypted using a randomly generated key SK, and the key SK is stored in the access policy, which is encrypted by key K.
According to another further aspect of the encryption method of the present invention, the memory comprises: memory fixed in the PLC system, such as ROM, EPROM, and removable memory, such as MMC card, CF card, etc.
A decryption method corresponding to the encryption method of the present invention, a system in which a memory is located reads a unique identifier in the memory, maps the unique identifier to a key K using an algorithm F () stored in the system, decrypts information to be stored in the memory by using the key K through a symmetric encryption algorithm; wherein,
the algorithm F () is: and operating the unique identifier, selecting a plurality of key factors from a key factor matrix stored in the system according to the operation result, generating a key K according to the key factors, and decrypting the information in the memory by using the key, wherein the key factor matrix is a key factor matrix of m x n used in encryption, each element in the key factor matrix is a positive integer randomly generated, and m and n are positive integers greater than 1.
The PLC system applying the encryption or decryption method comprises a CPU, a memory, a bus and a plurality of I/O modules, wherein the CPU, the memory and the I/O modules are all connected to the bus; the system further comprises a mapping module which is connected with the bus and used for mapping the unique identifier of the memory into a key K by using the algorithm F (), and encrypting or decrypting the information stored in the memory by using the key K through a symmetric encryption algorithm.
According to a further aspect of the PLC system of the present invention, the PLC system further includes an access control module, connected to the bus, for obtaining the identity information of the user through the I/O module, and controlling the user to access the information stored in the memory according to the identity information.
According to another further aspect of the PLC system of the present invention, the access control module includes an authority execution unit and an authority decision unit, the authority execution unit is connected to the bus, obtains identity information of a user and access information of the user, transmits the identity information and the access information to the authority decision unit, and controls access of the user according to a returned result of the authority decision unit; and the permission decision unit is connected with the bus, receives the identity information and the access information, judges whether the access request of the user is legal or not according to the user access strategy stored in the memory, and returns a decision result.
According to another further aspect of the PLC system of the present invention, the memory includes a memory fixed in the PLC system and a removable memory.
The invention has the advantages that the software source code can be safely protected, especially the PLC control program in the movable memory can be better protected, and a cracker is prevented from cracking the control program of the PLC. And the access control of the control program in the PLC application can be realized, so that the safety of the PLC system is further enhanced.
Drawings
FIG. 1 is a flow chart of an encryption method of the present invention applied in a PLC system;
FIG. 2 is a flowchart illustrating the decryption process of the present invention after an encrypted MMC card is inserted into a PLC;
fig. 3 is a diagram showing a PLC system structure to which the encryption method and access control of the present invention are applied.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings.
The invention provides a method for protecting information in a memory. A password mapping algorithm F() is selected and combined with the unique identifier of the memory to generate $Key_{ID} = F(ID)$, where ID is the unique identifier of the memory and $Key_{ID}$ is the key. F() may include, but is not limited to, a key hash function, which directly converts the unique identifier of the memory into the key $Key_{ID}$; F() may also use the ID-key mapping method described below. The information in the memory is encrypted or decrypted by a symmetric encryption algorithm that uses $Key_{ID}$ as the key. The invention describes encrypting or decrypting a control program in the memory of a PLC system; the PLC system is only an example, and the encryption or decryption algorithm of the invention can also be applied to an existing computer system. In addition, an access control module can be added to control the user's access to the control program according to the identity information of the user. The access control module intercepts all requests to access the control program in the memory; that is, the OS can access the control program in the memory only with the permission of the access control module, which restricts the access of unauthorized users. The encryption scheme based on the unique identifier of the memory protects the source code of the PLC program, such as the ladder diagram, ladder logic, statement list, function block diagram, sequential function chart, structured text and the like of the PLC. The following embodiments use a removable memory such as an MMC card or an SD card as the example; they do not exclude a fixed memory such as a ROM or an EPROM in an existing PLC system, because existing removable and fixed memories both have a unique identifier.
The following is an embodiment of the present invention for encrypting a control program:
Refer to FIG. 1, which is a flow chart of the encryption method of the present invention applied in a PLC system. Step 11: each MMC card has a unique identifier, which is stored in the MMC card and cannot be tampered with. The MMC card stores a control program of the PLC.
At initialization, a key factor matrix (KFM) is generated for the mapping algorithm F():

$$\mathrm{KFM} = \begin{pmatrix} k_{11} & k_{12} & \cdots & k_{1n} \\ k_{21} & k_{22} & \cdots & k_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ k_{m1} & k_{m2} & \cdots & k_{mn} \end{pmatrix},$$

The KFM comprises m × n different key factors, where m and n are positive integers greater than 1. Each element k of the matrix, i.e., each key factor, is a randomly generated positive integer, and the key factors are used to form the key that protects the authority policy.
The KFM is stored in the PLC in encrypted form to prevent access and cracking by crackers; the KFMs in different PLCs are the same. The KFM may be encrypted using, for example, PLC hardware parameters (e.g., the CPU number as the key to encrypt the KFM, since the CPU number is not available to an operator of the PLC unless the CPU is removed for analysis) and stored in a memory of the PLC system, or stored in the memory of the operating system (since the PLC memory that stores the operating system is not accessible to the operator, a cracker cannot find the KFM there), or stored in a tamper-resistant device (e.g., a tamper-resistant memory chip that is sensitive to ultraviolet light).
Step 12: the control program is encrypted using the unique identifier (ID) of the MMC card in the following manner:

$h_1 = \mathrm{hash}(\text{MMC ID}), \quad i_1 = h_1 \bmod m;$
$h_2 = \mathrm{hash}(h_1), \quad i_2 = h_2 \bmod m;$
$\ldots$
$h_n = \mathrm{hash}(h_{n-1}), \quad i_n = h_n \bmod m$

where m is the number of rows in the key factor matrix KFM; n may also be used as the divisor. The hash algorithm may be, but is not limited to, the message-digest algorithm (MD5), the secure hash algorithm (SHA-1), etc.
Using $i_1, i_2, \ldots, i_n$ as row indices, the PLC looks up the KFM in the PLC and obtains n key factors $k_{i_1 1}, k_{i_2 2}, \ldots, k_{i_n n}$, and calculates:

$$K = k_{i_1 1} \cdot k_{i_2 2} \cdots k_{i_n n} \bmod 2^{L},$$

or calculates:

$$K = \mathrm{hash}(k_{i_1 1}, k_{i_2 2}, \ldots, k_{i_n n}),$$

where L is the length of the key K desired by the encryptor, i.e., $L = \mathrm{length}(K)$.
Step 13: the control program in the MMC card is encrypted using the key K.
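The derivation in steps 11 to 13, as an added Python example that is not code from the patent: it computes the row indices from the card identifier, selects one key factor per column and forms K with both formulas. SHA-256, 64-bit factors, the fixed-width factor encoding, the helper names and the sample card identifiers are assumptions made for the example.

```python
import hashlib
import random

HASH = hashlib.sha256   # assumption: the page leaves the hash open (it names MD5, SHA-1)
FACTOR_BITS = 64        # assumption: width of each key factor
KEY_BITS = 128          # L, the desired key length in bits (at most 256 here)


def make_kfm(m, n, rng, force_even=False):
    """Return an m x n matrix of random positive integers (the key factors).

    rng is a seeded random.Random so the constructed sample is reproducible;
    a real KFM would be drawn from a CSPRNG such as secrets.randbits().
    """
    top_bit = 1 << (FACTOR_BITS - 1)           # keeps every factor non-zero
    kfm = []
    for _ in range(m):
        row = [rng.getrandbits(FACTOR_BITS) | top_bit for _ in range(n)]
        if force_even:                          # constructed worst case for the product form
            row = [k & ~1 for k in row]
        kfm.append(row)
    return kfm


def row_indices(card_id, m, n):
    """h_1 = hash(ID), h_j = hash(h_{j-1}); i_j = h_j mod m, for j = 1..n."""
    indices, h = [], card_id
    for _ in range(n):
        h = HASH(h).digest()
        indices.append(int.from_bytes(h, "big") % m)
    return indices


def select_factors(kfm, card_id):
    """Pick k_{i_j, j}: row i_j from column j, one factor per column."""
    m, n = len(kfm), len(kfm[0])
    return [kfm[i][j] for j, i in enumerate(row_indices(card_id, m, n))]


def key_product(kfm, card_id):
    """K = k_{i_1,1} * k_{i_2,2} * ... * k_{i_n,n} mod 2^L."""
    k = 1
    for factor in select_factors(kfm, card_id):
        k = (k * factor) % (1 << KEY_BITS)
    return k.to_bytes(KEY_BITS // 8, "big")


def key_hash(kfm, card_id):
    """K = hash(k_{i_1,1}, ..., k_{i_n,n}), truncated to L bits."""
    h = HASH()
    for factor in select_factors(kfm, card_id):
        h.update(factor.to_bytes(FACTOR_BITS // 8, "big"))  # fixed-width encoding (assumption)
    return h.digest()[: KEY_BITS // 8]


def trailing_zero_bits(key):
    """Number of low-order bits of K that are zero."""
    value = int.from_bytes(key, "big")
    if value == 0:
        return len(key) * 8
    return (value & -value).bit_length() - 1


if __name__ == "__main__":
    kfm = make_kfm(16, 8, random.Random(2007))
    even_kfm = make_kfm(16, 8, random.Random(2007), force_even=True)
    card_a = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed card IDs
    card_b = bytes.fromhex("00112233445566778899aabbccddee00")
    print("rows for card A :", row_indices(card_a, 16, 8))
    print("K (hash form), A:", key_hash(kfm, card_a).hex())
    print("K (hash form), B:", key_hash(kfm, card_b).hex())
    print("K (product), A  :", key_product(kfm, card_a).hex())
    print("zero low bits with an all-even KFM:",
          trailing_zero_bits(key_product(even_kfm, card_a)))
```

In the product form, every even key factor that is selected forces at least one more low-order bit of K to zero, so a KFM with many even entries shortens the effective key; the hash form does not have this property.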
Preferably, to implement access control in the PLC system for higher security, the storage area of the MMC card comprises two segments. One segment stores the encrypted access policy. Access policies include, but are not limited to, discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), and so on, and they may be implemented as, but are not limited to, an access control matrix (ACM), an access control list (ACL), a capability list (CL), and so on; in this example the access policy is stored using an ACL. The other segment stores a plurality of encrypted control programs that may belong to different owners (e.g., developers or operators of the PLC on the production line). To make cracking more difficult, the control program P may be encrypted using a randomly generated key SK with an encryption algorithm E, which may be, for example, AES, DES, or another symmetric algorithm. Preferably, to control access by different users, each program $P_i$ is encrypted using a different key $SK_i$, and the keys $SK_i$ are stored in different ACLs, where $SK_i$ is a random number.
Figure GFW00000059587600056
$C_i$ is the encrypted control program.
According to the needs of specific tasks and the security requirements, access rules for $P_i$ are defined for different users O (e.g., owners/developers/managers). For example, an access rule is:

$ACL_i = (ID_j, \mathrm{Permission}, SK_i, P_i)$

where $ID_j$ is the identity of user j, and Permission is the specific access right, such as read/write/execute, that the authorized user has when accessing a given $P_i$. Multiple access rules can be defined for one control program $P_i$ to give multiple users different access rights. The key $SK_i$ is stored in the access rule corresponding to each control program $P_i$, or the ACL may not include the SK. The plaintext of all access rules is stored in the ACL segment of the MMC card. The ACL is encrypted with a symmetric key algorithm using the key K.
During decryption, step 102 and the key factor matrix KFM are used: a hash operation is first performed on the unique identifier of the MMC card, and, using $i_1, i_2, \ldots, i_n$ as row indices, the KFM in the PLC is looked up to obtain n key factors $k_{i_1 1}, k_{i_2 2}, \ldots, k_{i_n n}$. The key K is then obtained by the same method as during encryption, and the control program or the ACL segment in the MMC card is decrypted.
FIG. 2 is a flowchart illustrating the decryption process of the present invention after an encrypted MMC card is inserted into a PLC:
Step 21: the user enters his or her login password, and the authority execution unit in the access control module verifies the user's identity. If the identity passes the verification of the authority execution unit, the process proceeds to step 22; otherwise, the user is denied access. Preferably, the user logs in using an ID card representing his or her identity.
Step 22: the PLC system reads the KFM, and decrypts the KFM if it is encrypted.
Step 23: the unique identifier of the MMC card is obtained from the MMC card reading device, and the authority protection key K of the MMC card is calculated according to the method in the encryption steps.
Step 24: the ACL segment in the MMC card is decrypted using K, and all decrypted ACL rules are loaded into the access control module.
Step 25: the user's identity information and operation information are obtained, and it is determined whether the control program the user requests can be accessed. If the user satisfies the access rights in the ACL, the process proceeds to step 26; otherwise, the user is informed that the access is illegal.
Step 26: the corresponding ACL is transmitted; it includes the user's access rights to the given control program and the key $SK_i$ of that control program.
Step 27: the key $SK_i$ is used to decrypt the control program $P_i$ that the user accesses. In this way, the control program stored in the MMC card can be protected according to the rights of the visitor. Alternatively, if the control program is encrypted not with the key SK but only with the key K, the ACL may not include the key field.
Fig. 3 is a diagram showing a PLC system structure to which the encryption method and access control of the present invention are applied. The system comprises a bus, a CPU, a real-time clock, a memory (RAM, ROM, EPROMs, etc.), a plurality of I/O modules, a power supply module, etc. The RAM in the PLC is a main memory of the CPU, an operating system of the PLC is stored in a special non-volatile memory, such as a ROM, an EPROM, a flash memory and the like, and the memory of the operating system cannot be accessed by a user so as to ensure the safety of the operating system. When the PLC is started, the operating system is first loaded in the RAM and controls the PLC. Then, the control program of the PLC is loaded into the RAM through the I/O module to perform a control task. The control program may be stored in a fixed memory within the PLC, such as a ROM memory (which is different from the ROM or EPROM of the operating system) as shown in fig. 3, which is accessible by the user for the purpose of implementing a modification of the control program, or a removable MMC card, in which case both the control program and the access policy of the PLC are stored. The login information of the user and the control program on the MMC card are transmitted into the PLC system through the I/O module, and the I/O module reading the MMC card also reads the unique identifier of the MMC card; the mapping module is connected with the bus and used for mapping the unique identifier into a key K, and encrypting or decrypting the information stored in the MMC card by using the key through a symmetric encryption algorithm; and the access control module is connected with the bus and used for controlling the user to access the information stored in the MMC card according to the identity information of the user. 
The access control module comprises an authority execution unit (AEF) and an authority decision unit (ADF), the authority execution unit is connected with the bus, the identity information of a user and the access information of the user are obtained from an I/O module on the bus, the identity information and the access information are transmitted to the authority decision unit, and the access of the user is controlled according to the return result of the authority decision unit; the permission decision unit is connected with the bus, decides whether the access request of the user is legal or not according to the user access strategy stored in the MMC card, and returns the decision result.
The PLC system applying the encryption method and the access control of the invention works as follows:
The user inserts his or her own ID card into the card reader (an I/O module), and the authority execution unit in the access control module verifies the user's identity in the ID card. If the user's ID does not pass the verification of the verification module, the user is denied access.
When the MMC card is inserted into an MMC card reader (an I/O module different from the one used for the user identity), the unique identifier of the MMC card is read, the mapping module maps the unique identifier to the key required for decryption, the ACL in the MMC card is decrypted, and the ACL is loaded into the authority decision unit (ADF) through the bus. At this point the ACL is plaintext, and the control program on the MMC card is ciphertext encrypted using the SK.
The authority execution unit (AEF) obtains the user's access request for a specific control program through an I/O module on the bus, and transmits the ID of the user and the name of the requested control program to the authority decision unit through the bus.
The ADF determines whether the user can access the requested control program according to the ACL rules. If the user can access the control program, the ADF returns the key $SK_i$ of the corresponding control program and the corresponding ACL rules to the AEF. If the user cannot access the corresponding control program, the access request is denied.
The AEF uses the $SK_i$ returned by the ADF in the above step to decrypt the requested control program, and controls the user's access to the requested control program using the permission value (read/write/execute, etc.).
The invention has the advantages that the software source code can be safely protected, especially the PLC control program in the movable memory can be better protected, and a cracker is prevented from cracking the control program of the PLC. And the access control of the control program in the PLC application can be realized, so that the safety of the PLC system is further enhanced.
The above specific embodiments are merely illustrative of the present invention and are not intended to limit the present invention.

Claims (13)

1. A method of encrypting information stored in a memory, characterized by storing an algorithm F () in a system in which said memory is located, mapping a unique identifier of the memory to a key K by means of the algorithm, encrypting information stored in said memory by means of a symmetric encryption algorithm using said key K; wherein,
the algorithm F () is: predefining an m x n key factor matrix stored in the system, wherein each element in the key factor matrix is a randomly generated positive integer, and m and n are positive integers greater than 1; and operating the unique identifier, selecting a plurality of key factors from a key factor matrix according to the operation result, generating a key K according to the key factors, and encrypting the information in the memory by using the key.
2. The method of claim 1, wherein operating on the unique identifier is repeatedly hashing the unique identifier and mapping the result of the hashing to different elements in the key factor matrix.
3. The method of claim 2, wherein the system is a PLC system.
4. The method of claim 3, wherein the key factor matrix is stored in an anti-illegal read-write chip or encrypted by using PLC hardware parameters and stored in ROM or EPROM.
5. The method of claim 4, wherein the information in the memory comprises a control program of the PLC.
6. The method of claim 5, wherein an access policy is defined in advance according to the identity of a user to control the access of the user to the PLC control program, and the access policy is encrypted by using the secret key K and stored in the memory.
7. The method of claim 6, wherein the control program is encrypted using a randomly generated key SK and the key SK is stored in the access policy, the access policy being encrypted by key K.
8. The method of encrypting information stored in a memory according to claim 6, wherein the memory comprises: a memory fixed in the PLC system and a removable memory.
9. A decryption method corresponding to the encryption method of claim 1, wherein a system in which the memory is located reads the unique identifier in the memory, maps the unique identifier to a key K using an algorithm F () stored in the system, and decrypts the information stored in the memory using the key K by a symmetric encryption algorithm; wherein,
the algorithm F () is: and operating the unique identifier, selecting a plurality of key factors from a key factor matrix stored in the system according to the operation result, generating a key K according to the key factors, and decrypting the information in the memory by using the key, wherein the key factor matrix is a key factor matrix of m x n used in encryption, each element in the key factor matrix is a positive integer randomly generated, and m and n are positive integers greater than 1.
10. A PLC system to which the encryption or decryption method of claim 1 or 9 is applied, comprising a CPU, a memory, a bus, a plurality of I/O modules; the CPU, the memory and the I/O module are all connected to the bus; the system is characterized by further comprising a mapping module connected to the bus and used for mapping the unique identifier of the memory into a key K by using the algorithm F (), and encrypting or decrypting the information stored in the memory by using the key K through a symmetric encryption algorithm.
11. The PLC system of claim 10, further comprising an access control module coupled to the bus, configured to obtain identity information of a user via the I/O module, and configured to control the user to access information stored in the memory according to the identity information.
12. The PLC system of claim 11, wherein the access control module comprises an authority execution unit and an authority decision unit; the authority execution unit is connected to the bus, obtains identity information of a user and access information of the user, transmits the identity information and the access information to the authority decision unit, and controls access of the user according to the result returned by the authority decision unit; and the authority decision unit is connected to the bus, receives the identity information and the access information, judges whether the access request of the user is legitimate according to the user access policy stored in the memory, and returns a decision result.
13. The PLC system according to claim 10, 11 or 12, wherein the memory comprises a memory fixed in the PLC system and a removable memory.
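The key hierarchy of claims 7 and 9, as an added example that is not code from the patent: K is derived from the memory's unique identifier through a key factor matrix, a random SK encrypts the control program, and K encrypts the policy holding SK. Assumptions not in the claims: SHA-256 as the operation on the identifier, one factor selected per matrix row, a hash to combine the factors, an HMAC-based stand-in for the symmetric cipher with an added integrity tag, a policy reduced to SK alone, and all function names and sample values.

```python
import hashlib, hmac, secrets

def make_matrix(m=8, n=16):
    """m x n key factor matrix of random positive integers (sizes assumed)."""
    return [[secrets.randbelow(2**32 - 1) + 1 for _ in range(n)] for _ in range(m)]

def F(uid: bytes, matrix) -> bytes:
    """Map a memory's unique identifier to key K (needs m <= 32).
    Assumed operation: SHA-256 of the identifier, digest byte i selects the
    column in row i. Assumed combination: SHA-256 over the selected factors."""
    digest = hashlib.sha256(uid).digest()
    factors = [row[digest[i] % len(row)] for i, row in enumerate(matrix)]
    return hashlib.sha256(b"".join(f.to_bytes(4, "big") for f in factors)).digest()

def _xor_stream(key, nonce, data):
    # Stand-in for the claims' unspecified symmetric cipher: HMAC-SHA256 in
    # counter mode. A real system would use a vetted cipher such as AES.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    enc, mac = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    # The integrity tag is an addition so that a wrong K fails loudly.
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return _xor_stream(enc, nonce, ct)

def protect(uid, matrix, program):
    """Claim 7 layering: program under random SK, SK (the policy) under K."""
    sk = secrets.token_bytes(32)
    return seal(F(uid, matrix), sk), seal(sk, program)

def recover(uid, matrix, policy, enc_program):
    """Claim 9: re-derive K from the identifier read from the memory."""
    return unseal(unseal(F(uid, matrix), policy), enc_program)

if __name__ == "__main__":
    matrix = make_matrix()                      # constructed sample data
    policy, blob = protect(b"MMC-0001", matrix, b"LD I0.0\n= Q0.0\n")
    print(recover(b"MMC-0001", matrix, policy, blob))
```

Because K is fully determined by the readable identifier together with the matrix and F () held in the system, the confidentiality of everything under K rests on keeping the matrix and F () inside the PLC.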
CN 200710111294 2007-06-21 2007-06-21 Encryption and decryption method, and PLC system using the same Active CN101329658B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200710111294 CN101329658B (en) 2007-06-21 2007-06-21 Encryption and decryption method, and PLC system using the same
EP08104358A EP2006792A3 (en) 2007-06-21 2008-06-11 Encryption and decryption methods and a PLC system using said methods

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200710111294 CN101329658B (en) 2007-06-21 2007-06-21 Encryption and decryption method, and PLC system using the same

Publications (2)

Publication Number Publication Date
CN101329658A CN101329658A (en) 2008-12-24
CN101329658B true CN101329658B (en) 2012-12-05

Family

ID=39845238

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710111294 Active CN101329658B (en) 2007-06-21 2007-06-21 Encryption and decryption method, and PLC system using the same

Country Status (2)

Country Link
EP (1) EP2006792A3 (en)
CN (1) CN101329658B (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5414812B2 (en) * 2010-02-12 2014-02-12 三菱電機株式会社 Programmable controller
CN101815094A (en) * 2010-03-18 2010-08-25 中兴通讯股份有限公司 Method, device and system for realizing data shared access
CN102254122A (en) * 2010-05-21 2011-11-23 深圳市合信自动化技术有限公司 Programmable logic controller and management method of user programs thereof
JPWO2012111117A1 (en) * 2011-02-16 2014-07-03 三菱電機株式会社 Programmable logic controller and programmable logic controller password storage method
CN102289629A (en) * 2011-07-25 2011-12-21 深圳和而泰智能控制股份有限公司 Encryption system and method and singlechip system
CN102354142A (en) * 2011-07-26 2012-02-15 深圳市麦格米特控制技术有限公司 Encryption method for programmable logic controller (PLC)
CN103258168B (en) * 2012-02-17 2016-08-10 西门子公司 The encryption system of programmable logic controller (PLC) and encryption method thereof
WO2013147732A1 (en) * 2012-03-26 2013-10-03 Siemens Aktiengesellschaft Programmable logic controller having embedded dynamic generation of encryption keys
CN102999732B (en) * 2012-11-23 2015-04-22 富春通信股份有限公司 Multi-stage domain protection method and system based on information security level identifiers
US9607177B2 (en) * 2013-09-30 2017-03-28 Qualcomm Incorporated Method for securing content in dynamically allocated memory using different domain-specific keys
CN111756717B (en) * 2014-10-16 2022-10-18 创新先进技术有限公司 Information processing method and device
CN104573423B (en) * 2015-01-26 2017-10-31 无锡信捷电气股份有限公司 A kind of PLC software and hardware combinings encryption protecting method
CN104819097A (en) * 2015-04-03 2015-08-05 北京天诚同创电气有限公司 Protection method and device for programmable controller program of wind generating set
CN104991521B (en) * 2015-07-02 2018-03-09 大族激光科技产业集团股份有限公司 A kind of NC program segments prevent the method divulged a secret
DE102015212657A1 (en) * 2015-07-07 2017-01-12 Siemens Aktiengesellschaft Providing a device-specific cryptographic key from a cross-system key for a device
CN107659421A (en) * 2016-07-26 2018-02-02 耿跃峰 A kind of intelligent industrial automated system
CN108628242A (en) * 2018-04-12 2018-10-09 宇环数控机床股份有限公司 A kind of machine tool encryption and decryption and authorization method based on PLC control platforms
CN108964886B (en) * 2018-05-04 2022-03-04 霍尼韦尔环境自控产品(天津)有限公司 Communication method comprising encryption algorithm, communication method comprising decryption algorithm and equipment
CN111324085A (en) * 2020-04-08 2020-06-23 宁波和利时信息安全研究院有限公司 An access control method, access control component and PLC
CN112182548B (en) * 2020-09-23 2024-04-16 博流智能科技(南京)有限公司 Chip system
CN112579990A (en) * 2020-12-23 2021-03-30 深圳市兆威机电股份有限公司 Motor control program encryption method and device and terminal equipment
CN114167804B (en) * 2021-11-10 2024-12-20 汤臣智能科技(深圳)有限公司 Authentication method and system for PLC encryption program
CN114417370A (en) * 2021-12-24 2022-04-29 湖南麒麟信安科技股份有限公司 A RBD device data encryption method and system for Ceph distributed storage system
CN115268793A (en) * 2022-08-03 2022-11-01 中国电子科技集团公司信息科学研究院 Data safety deleting method based on data encryption and overwriting
CN118981784A (en) * 2024-10-22 2024-11-19 深圳市航顺芯片技术研发有限公司 Encryption method, device, storage medium and computer equipment for burning firmware

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6547617B1 (en) 1998-07-08 2003-04-15 Hiroyuki Kawamura Plasma display panel manufacturing method for manufacturing a plasma display panel with superior picture quality, a manufacturing apparatus and a phosphor ink
CN1779689A (en) * 2000-01-21 2006-05-31 索尼公司 Data processing apparatus and data processing method
AU768477B2 (en) * 2000-05-19 2003-12-11 Matsushita Electric Industrial Co., Ltd. Data recording medium and reproducing apparatus thereof
EP1329051A2 (en) * 2000-10-18 2003-07-23 Koninklijke Philips Electronics N.V. Generation of a common encryption key
US7191339B1 (en) * 2001-09-10 2007-03-13 Xilinx, Inc. System and method for using a PLD identification code
EP1715404A1 (en) * 2005-04-22 2006-10-25 Siemens Aktiengesellschaft System for the storage and recovery of confidential information
JP4670585B2 (en) * 2005-10-26 2011-04-13 ソニー株式会社 Setting apparatus and method, and program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
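Li Kehong et al. (no article title). "Practical Cryptography and Computer Data Security" (《实用密码学与计算机数据安全》). Northeastern University Press, 1997, 1st edition, pp. 258-262. *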

Also Published As

Publication number Publication date
EP2006792A2 (en) 2008-12-24
CN101329658A (en) 2008-12-24
EP2006792A3 (en) 2009-07-08


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant